Snyk has created this PR to upgrade auth0-js from 9.19.0 to 9.19.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2022-09-09.
This release by default now stores additional cookies for backward compatibility when using the SameSite attribute, for those older browsers that do not understand SameSite=None. As well as creating the normal transaction cookies with Secure=true and SameSite=none, it also stores a _x_compat cookie (where x is the name of the original cookie) which only sets Secure=true.
If the generation of these extra cookies is undesirable or unnecessary for your use case, you can turn them back off by setting legacySameSiteCookie: false in the SDK configuration.
Added
Add compatibility cookie for SameSite, with option to turn it off #1232 (stevehobbsdev)
Snyk has created this PR to upgrade auth0-js from 9.19.0 to 9.19.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: auth0-js
-
9.19.1 - 2022-09-09
- Clean up old/missing library migration links #1256 (stevehobbsdev)
- Clarify usage of legacySameSiteCookie in readme #1255 (stevehobbsdev)
- Security: Bump dev dependencies and update lockfile #1244 (evansims)
-
9.19.0 - 2022-01-25
- Add compatibility cookie for SameSite, with option to turn it off #1232 (stevehobbsdev)
from auth0-js GitHub release notesThis release includes some clarification updates to the readme, as well as a culmination of security patches from dependabot.
Changed
Security
This release by default now stores additional cookies for backward compatibility when using the
SameSiteattribute, for those older browsers that do not understandSameSite=None. As well as creating the normal transaction cookies withSecure=trueandSameSite=none, it also stores a_x_compatcookie (wherexis the name of the original cookie) which only setsSecure=true.If the generation of these extra cookies is undesirable or unnecessary for your use case, you can turn them back off by setting
legacySameSiteCookie: falsein the SDK configuration.Added
Commit messages
Package name: auth0-js
- c3f6e5a Release 1.19.1 (#1265)
- 72c8552 Merge pull request #1259 from auth0/dependabot/npm_and_yarn/terser-4.8.1
- 648ff06 Bump terser from 4.8.0 to 4.8.1
- a5de80a [SDK-3464] Upgrade Codecov (#1258)
- 0d91f9f Merge pull request #1257 from auth0/dependabot/npm_and_yarn/moment-2.29.4
- 6e10966 Bump moment from 2.29.3 to 2.29.4
- 873b84c Clean up old/missing library migration links (#1256)
- a318b07 Create .semgrepignore
- 896955f Clarify usage of legacySameSiteCookie in readme (#1255)
- bb60d70 Use make steps to publish (#1254)
- 0db68c6 Create semgrep.yml
- 3f2214c Bump ejs from 3.1.6 to 3.1.8 (#1252)
- 327341e Merge pull request #1251 from auth0/dependabot/npm_and_yarn/got-11.8.5
- 101500a Bump got from 11.8.3 to 11.8.5
- def8fd4 Update README.md (#1246)
- 7511717 Update README to include import statement (#1245)
- 025fa3a Merge pull request #1244 from auth0/dependencies/update-lockfile/04-10-22
- 8438d70 Override `lodash` transient dependency version
- ba864ae Incorporate bump fixes from PR 1242 and 1243
- 76e4561 Update .eslintrc.json
- 8890864 Update .eslintrc.json
- 409b2dd Fix an issue with `test:es-check:es2015:module` syntax
- 3dc8748 Update lockfile and trim abandoned dependencies
- 8cf2663 Merge pull request #1241 from auth0/dependabot/npm_and_yarn/minimist-1.2.6
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs